I'm doing portscans on a system I'm working to learn more about
securing hosts and setting up iptables. My tcp portscan reported
what I expected, only www, ssh and smtp listening. The udp
portscan reported a huge list of 'open' ports. I really didn't
know what to expect for this scan, so I want to know if this is
normal. Just for grins, I removed every udp listing in
/etc/services and restarted inetd and the scan came back the
same. I figure this is normal, but if someone can confirm this
behaviour, I'd really appreciate it.
If this isn't secure behaviour, perhaps I can add an iptables
entry like:
iptables -A INPUT -p udp -j drop
However, I don't have any applications running using udp, so the
'open' port doesn't have anywhere to go, as far as I know.
Again, if someone can confirm this, I'd really appreciate it.
thanks,
jc
--
Jeff Coppock Nortel Networks
Systems Engineer http://nortelnetworks.com